[Snyk] Security upgrade react-native from 0.40.0 to 0.69.12

[MHxGH-ServiceAccount]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• example/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-15309438	170

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Note

High Risk
Large react-native major-version jump is likely to introduce breaking changes in build, native modules, and runtime behavior even though the diff is small.

Overview
Updates example/package.json to upgrade react-native from ^0.40.0 to ^0.69.12 (Snyk-driven dependency bump) to address a reported vulnerability in the dependency tree.

^{Written by Cursor Bugbot for commit ab5de19. This will update automatically on new commits. Configure here.}

[MHxGH-ServiceAccount]

Upgrading from react-native version 0.40.0 to 0.69.12 is a massive undertaking that spans approximately 29 major versions and several years of development. This is not a direct upgrade but a significant migration project that involves fundamental architectural changes, API removals, and tooling updates.

Key Breaking Changes & Architectural Shifts:

• Project Structure & Tooling: Native project files (iOS/Android) have undergone extensive changes. The upgrade requires a complete overhaul of project configurations. The React Native CLI introduced breaking changes in v8.0, removing link and unlink commands in favor of autolinking.
• Core Component Migration: Many core components and modules have been removed from the React Native package and extracted into community-maintained packages. This includes AsyncStorage, WebView, NetInfo, and SegmentedComponentIOS. Your code must be updated to import and use these from their new packages.
• React 18 Support: Version 0.69 is the first to support React 18, introducing new hooks and concurrent features. This requires understanding the new capabilities and may involve refactoring how state and effects are managed.
• Hermes as Default Engine: Hermes became the bundled, default JavaScript engine in v0.69, which can significantly impact performance and debugging workflows.
• New Architecture (Fabric/TurboModules): While not enabled by default in 0.69, this version includes support for the new architecture, which replaces the legacy bridge with a more performant JSI (JavaScript Interface). Migrating libraries and custom native modules is a complex process.
• AndroidX Requirement: Support for the Android Support Library was dropped in favor of AndroidX. This is a mandatory and often complex migration for the Android part of the project.

Recommendation:
A direct, in-place upgrade is not feasible and will likely fail. The officially recommended approach is to use the React Native Upgrade Helper tool. However, given the vast version gap, the most practical strategy is to:

1. Create a brand new project using npx react-native init with the target version (0.69.12).
2. Methodically migrate your JavaScript source code, assets, and dependencies to the new project.
3. Re-implement any custom native modules and update dependencies to versions compatible with React Native 0.69 and the new tooling.

This upgrade should be treated as a full project rewrite or a major migration effort, not a routine dependency update.

Source: React Native Upgrade Helper, React Native 0.69 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[MHxGH-ServiceAccount]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Incompatible React version for react-native 0.69

High Severity

Upgrading react-native to ^0.69.12 without updating react from ^15.4.2 creates a peer dependency conflict. react-native 0.69 requires react@18.0.0, but the react dependency is still at version 15. This will cause installation failures or runtime crashes since the two packages are fundamentally incompatible across three major versions.

Additional Locations (1)

• example/package.json#L8-L9

 

[cursor]

Start script references removed CLI path

High Severity

The start script references react-native/local-cli/cli.js, which no longer exists in react-native 0.69.x. The CLI was extracted to the @react-native-community/cli package as part of the Lean Core effort. Running npm start will fail with a "module not found" error.

Additional Locations (1)

• example/package.json#L5-L6